Hi!
I found XSS voulnerability in your extension Quickpoll v.1.8.1. (didn't try with older versions).
Some screenshots:
http://img35.imageshack.us/i/85604884.png/
http://img24.imageshack.us/f/80798247.png/
Hope it will be fixed ASAP... :evil:
[solved] Quickpoll 1.8.1 XSS
Hi!
I found XSS voulnerability in your extension Quickpoll v.1.8.1. (didn't try with older versions).
Some screenshots:
http://img35.imageshack.us/i/85604884.png/
http://img24.imageshack.us/f/80798247.png/
Hope it will be fixed ASAP... :evil:
Re: Quickpoll 1.8.1 XSS
If I knew how to fix it, I would. I'm using a normal call $this->addToUrl(), which means shouldn't that be protected rather, as I'm just adding something to the current URL, which you could change in a number of ways..
Re: Quickpoll 1.8.1 XSS
I'm going to submit a defect for addToUrl since it goes back to the $_GET parameters, which it shouldn't actually do, since Contao uses the $this->Input->get('a'); function to screen XSS attacks out. I've modified the function in FrontEnd.php to test and this seems to work:
This is not only a problem for Quickpoll, but any extension using this function.Code:protected function addToUrl($strRequest, $blnIgnoreParams=false) { $arrGet = $blnIgnoreParams ? array() : $_GET; // <<=== THE PROBLEM .. .. foreach ($arrGet as $k=>$v) { $vv = $this->Input->get($k); // <<=== THE FIX $strParams .= $GLOBALS['TL_CONFIG']['disableAlias'] ? '&' . $k . '=' . $vv : '/' . $k . '/' . $vv; } .. }
Re: Quickpoll 1.8.1 XSS
Thanks for your quick response.
Re: Quickpoll 1.8.1 XSS
Please undo the FrontEnd suggestion I've made. I've rather added the fix into an overridden method inside the module. I've added the fixes to this method override in both module files (2 files). You can just update/fix the Repository extension.
Re: Quickpoll 1.8.1 XSS
Ok - look like all works fine now.
Posting Permissions
Reply With Quote
Bookmarks